Think twice before sending your next text message. Or better yet, make sure you are using an end-to-end encryption method.
Consumers regularly use different types of messaging technology from the biggest technology companies including Apple, Alphabet and Meta Platforms, including iMessage, Google Messages, WhatsApp and SMS, but the level of protection varies. Now, the U.S. government is expressing greater concern after a recent massive hack of the nation’s largest telecom companies.
Last month, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation revealed a campaign by hackers associated with China, Salt Typhoon, that compromised AT&T and Verizon, and others, and was one of the largest hacks of U.S. infrastructure in history. Following that warning, CISA, the National Security Agency, the FBI and international partners published a joint guide to help protect Americans. One suggestion is to use end-to-end encryption, a method that makes communications more secure.
End-to-end encryption helps ensure that only the intended recipients can read your messages as they travel between your phone and another person’s phone. Secure messaging apps use end-to-end encryption to protect communications from hackers, surveillance and unauthorized access, so even messaging app providers can’t read your messages.
“All things being equal, if you have the opportunity to use a platform that’s end-to-end encrypted, you should,” said Michael Hughes, chief business officer of Duality Technologies, which allows organizations to share and analyze sensitive data using encryption.
Many consumers don’t know their options for communicating securely over messaging apps. Here are the basics.
WhatsApp, Signal among best end-to-end options
Consumers use different messaging apps for various purposes, often without giving a second thought to security. However, there are notable differences among platforms that people need to be aware of.
From a security perspective, free messaging apps like Meta’s WhatsApp and Signal — whose co-founder was one of the creators of WhatsApp — are considered the best because end-to-end encryption is built in. That makes these apps highly preferable to SMS and MMS, two older methods of messaging that don’t offer end-to-end encryption, said Trevor Horwitz, founder of TrustNet, a cybersecurity and compliance services provider.
Even platforms considered the best for end-to-end encryption have downsides. Signal is a favorite among many privacy enthusiasts because its mission emphasizes not collecting or storing sensitive information. This can be especially compelling for people who are wary of WhatsApp’s parent Facebook and its privacy practices. The downside to Signal is it’s not as widely used as WhatsApp and if your contacts aren’t on it, you can’t communicate, said Roger Grimes, an analyst at KnowBe4, a security platform provider.
There are also paid messaging apps that are end-to-end encrypted, such as Threema. It’s privacy by design and no phone number or email address is required, but it costs a few dollars, and getting your friends and family to join when there are free options that are already popular might be a challenge.
Most people will use encryption “if it’s default and they don’t have the slightest inconvenience,” Grimes said.
RCS and iMessage
Many messaging platforms now use RCS, which stands for Rich Communication Services. It’s a successor to SMS and MMS that has enhanced features and also offers the ability for end-to-end encryption, though not by default on all devices. For example, RCS messages using Google Messages are automatically upgraded to end-to-end encryption, but Apple’s implementation of RCS on iPhones is not end-to-end encrypted, Horwitz said.
For any Apple device user, the company’s proprietary iMessage app is end-to-end encrypted, but for users sending RCS messages through other text plans, such as a mobile carrier text option, end-to-end encryption isn’t offered. As Apple explains itself of sending messages through non-iMessage RCS options: “They’re not protected from a third-party reading them while they’re sent between devices.”
Additionally, not all devices are compatible with RCS and it’s not universally supported by carriers. Plus, there are compatibility issues between some iPhone and Android devices that are still being worked out, Horwitz said.
Facebook Messenger gaps in encryption
It’s even more complicated because technology companies have multiple messaging products and not every application from a particular provider supports end-to-end encryption in the same way. For example, Facebook Messenger offers end-to-end encrypted messages, but not in all cases. According to Facebook, some products don’t currently support end-to-end encryption, such as community chats for Facebook groups, chats with businesses or accounts using business messaging tools, Marketplace chats and others.
Consumers should try to dig deeper into the apps they are using to understand how end-to-end encryption works for a particular app, said Deirdre Connolly, cryptography standardization research engineer at SandboxAQ, an AI applications developer. This information is often available in the support or privacy section of a provider’s website. But even then, it can be hard to find and decipher. “You have to go into the fine print,” Connolly said.
Google vs. Apple
Google Messages is the default messaging app on many devices running the Android operating system and many people use it to communicate, but consumers need to understand that not all messages sent or received using the app are end-to-end encrypted. The app supports end-to-end encryption when messaging other users using Google Messages over RCS, according to the company. But messages aren’t end-to-end encrypted when communicating with an iPhone user, for example. Text messages appear dark blue in the RCS state and light blue in the SMS/MMS state. Users will also see a lock symbol when end-to-end encryption is active in a conversation.
In Apple’s case, communications between two iMessage users are end-to-end encrypted, but iMessage is an Apple-specific platform. That means, at present, communications between iMessage users and Android device users aren’t end-to-end encrypted. A green message bubble instead of a blue one indicates the message was sent using MMS/SMS instead of iMessage.
In fact, a Department of Justice antitrust case against Apple harps on the failure to offer end-to-end encryption outside its iOS messaging app as a monopoly concern.
Protocols are being developed to allow end-to-end encryption between different communication platforms using RCS, but that’s still a work in progress. “Work with key industry stakeholders is progressing well and we look forward to updating the market in the coming months,” said a spokesperson for GSMA, an industry organization spearheading this effort.
Phone settings and ongoing risk of hacks
One thing people should do is check the settings on their phones. Many consumers have older phones and those who don’t have auto updates enabled may miss critical security updates, which could include messaging apps that allow for end-for-end encryption, said Chris Henderson, senior director of threat operations at Huntress, a cybersecurity company. Also, with a new phone, settings on transferred apps might not migrate. If you have enabled end-to-end encryption for apps on your prior phone, it’s also a good idea to check that the settings are enabled on the new phone as well, Henderson said.
End-to-end encryption is not foolproof because hackers can intercept users’ communications in other ways, such as if the device itself is compromised, Horwitz said. For security purposes, it’s also important to keep your devices healthy by installing all software updates, avoiding sketchy downloads, and performing periodic reboots.
Even so, using end-to-end encryption is a good practice, when available. “Threat actors go where the masses go,” said Kory Daniels, global CISO for Trustwave, a cybersecurity and managed security services provider. “If the masses are still using unencrypted communication methods, [bad actors] will continue to exploit the opportunity until users begin to evolve their digital behaviors.”
Startup Figure AI is developing general-purpose humanoid robots.
Figure AI
Figure AI, an Nvidia-backed developer of humanoid robots, was sued by the startup’s former head of product safety who alleged that he was wrongfully terminated after warning top executives that the company’s robots “were powerful enough to fracture a human skull.”
Robert Gruendel, a principal robotic safety engineer, is the plaintiff in the suit filed Friday in a federal court in the Northern District of California. Gruendel’s attorneys describe their client as a whistleblower who was fired in September, days after lodging his “most direct and documented safety complaints.”
The suit lands two months after Figure was valued at $39 billion in a funding round led by Parkway Venture Capital. That’s a 15-fold increase in valuation from early 2024, when the company raised a round from investors including Jeff Bezos, Nvidia, and Microsoft.
In the complaint, Gruendel’s lawyers say the plaintiff warned Figure CEO Brett Adcock and Kyle Edelberg, chief engineer, about the robot’s lethal capabilities, and said one “had already carved a ¼-inch gash into a steel refrigerator door during a malfunction.”
The complaint also says Gruendel warned company leaders not to “downgrade” a “safety road map” that he had been asked to present to two prospective investors who ended up funding the company.
Gruendel worried that a “product safety plan which contributed to their decision to invest” had been “gutted” the same month Figure closed the investment round, a move that “could be interpreted as fraudulent,” the suit says.
The plaintiff’s concerns were “treated as obstacles, not obligations,” and the company cited a “vague ‘change in business direction’ as the pretext” for his termination, according to the suit.
Gruendel is seeking economic, compensatory and punitive damages and demanding a jury trial.
Figure didn’t immediately respond to a request for comment. Nor did attorneys for Gruendel.
The humanoid robot market remains nascent today, with companies like Tesla and Boston Dynamics pursuing futuristic offerings, alongside Figure, while China’s Unitree Robotics is preparing for an IPO. Morgan Stanley said in a report in May that adoption is “likely to accelerate in the 2030s” and could top $5 trillion by 2050.
Concerns about stock valuations in companies tied to artificial intelligence knocked the market around this week. Whether these worries will recede, as they did Friday, or flare up again will certainly be something to watch in the days and weeks ahead. We understand the concerns about valuations in the speculative aspects of the AI trade, such as nuclear stocks and neoclouds. Jim Cramer has repeatedly warned about them. But, in the past week, the broader AI cohort — including real companies that make money and are driving what many are calling the fourth industrial revolution — has been getting hit. We own many of them: Nvidia and Broadcom on the chip side, and GE Vernova and Eaton on the derivative trade of powering these energy-gobbling AI data centers. That’s not what should be happening based on their fundamentals. Outside of valuations, worries also center on capital expenditures and the depreciation that results from massive investments in AI infrastructure. On this point, investors face a choice. You can go with the bears who are glued to their spreadsheets and extrapolating the usable life of tech assets based on history, a seemingly understandable approach, and applying those depreciation rates to their financial models, arguing the chips should be near worthless after three years. Or, you can go with the commentary from management teams running the largest companies driving the AI trade, and what Jim has gleaned from talking with the smartest CEOs in the world. When it comes to the real players driving this AI investment cycle, like the ones we’re invested in, we don’t think valuations are all that high or unreasonable when you consider their growth rates and importance to the U.S., and by extension, the global economy. We’re talking about Nvidia CEO Jensen Huang, who would tell you that advancements in his company’s CUDA software have extended the life of GPU chip platforms to roughly five to six years. Don’t forget, CoreWeave recently re-contracted for H100s from Nvidia, which were released in late 2022. The bears with their spreadsheets would tell you those chips are worthless. However, we know that H100s have held most of their value. Or listen to Lisa Su, CEO of Advanced Micro Devices , who said last week that her customers are at the point now where “they can see the return on the other side” of these massive investments. For our part, we understand the spending concerns and the depreciation issues that will arise if these companies are indeed overstating the useful lives of these assets. However, those who have bet against the likes of Jensen Huang and Lisa Su, or Meta Platforms CEO Mark Zuckerberg, Microsoft CEO Satya Nadella, and others who have driven innovation in the tech world for over a decade, have been burned time and again. While the bears’ concerns aren’t invalid, long-term investors are better off taking their cues from technology experts. AI is real, and it will increasingly lead to productivity gains as adoption ramps up and the technology becomes ingrained in our everyday lives, just as the internet has. We have faith in the management teams of the AI stocks in which we are invested, and while faith is not an investment strategy, that faith is based on a historical track record of strong execution, the knowledge that offerings from these companies are best in class, and scrutiny of their underlying business fundamentals and financial profiles. Siding with these technology expert management teams, over the loud financial expert bears, has kept us on the right side of the trade for years, and we don’t see that changing in the future. (See here for a full list of the stocks in Jim Cramer’s Charitable Trust, including NVDA, AVGO, GEV, ETN, META, MSFT.) As a subscriber to the CNBC Investing Club with Jim Cramer, you will receive a trade alert before Jim makes a trade. Jim waits 45 minutes after sending a trade alert before buying or selling a stock in his charitable trust’s portfolio. If Jim has talked about a stock on CNBC TV, he waits 72 hours after issuing the trade alert before executing the trade. THE ABOVE INVESTING CLUB INFORMATION IS SUBJECT TO OUR TERMS AND CONDITIONS AND PRIVACY POLICY , TOGETHER WITH OUR DISCLAIMER . NO FIDUCIARY OBLIGATION OR DUTY EXISTS, OR IS CREATED, BY VIRTUE OF YOUR RECEIPT OF ANY INFORMATION PROVIDED IN CONNECTION WITH THE INVESTING CLUB. NO SPECIFIC OUTCOME OR PROFIT IS GUARANTEED.
Every weekday, the CNBC Investing Club with Jim Cramer releases the Homestretch — an actionable afternoon update, just in time for the last hour of trading on Wall Street. Markets: The S & P 500 bounced back Friday, recovering from the prior session’s sharp losses. The broad-based index, which was still tracking for a nearly 1.5% weekly decline, started off the session a little shaky as Club stock Nvidia drifted lower after the open. It was looking like concerns about the artificial intelligence trade, which have been dogging the market, were going to dominate back-to-back sessions. But when New York Federal Reserve President John Williams suggested that central bankers could cut interest rates for a third time this year, the market jumped higher. Rate-sensitive stocks saw big gains Friday. Home Depot rose more than 3.5% on the day, mitigating a tough week following Tuesday’s lackluster quarterly release. Eli Lilly hit an all-time high, becoming the first drugmaker to reach a $1 trillion market cap. TJX also topped its all-time high after the off-price retailer behind T.J. Maxx, Marshalls, and HomeGoods, delivered strong quarterly results Wednesday. Carry trade: We’re also monitoring developments in Japan, which is dealing with its own inflation problem and questions about whether to resume interest rate hikes. That brings us to the popular Japanese yen carry trade, which is getting squeezed as borrowing costs there are rising. The yen carry trade involves borrowing yen at a low rate, then converting them into, say, dollars, and investing in higher-yielding foreign assets. That’s all well and good when the cost to borrow yen is low. It’s a different story now that borrowing costs in Japan are hitting 30-year highs. When rates rise, the profit margin on the carry trade gets crunched, or vanishes completely. As a result, investors need to get out, which means forced selling and price action that becomes divorced from fundamentals. It’s unclear if any of this is adding pressure to U.S. markets. We didn’t see anything in the recent quarterly earnings reports from U.S. companies to suggest corporate fundamentals are deteriorating in any meaningful way. That’s why we’re looking for other potential external factors, alongside the well-known concerns about artificial intelligence spending, the depreciation resulting from those capital expenditures, and general worries about consumer sentiment and inflation here in America. Wall Street call: HSBC downgraded Palo Alto Networks to a sell-equivalent rating from a hold following the company’s quarterly earnings report Wednesday. Analysts, who left their $157 price target unchanged, cited decelerating sales growth as the driver of the rerating, describing the quarter as “sufficient, not transformational.” Still, the Club name delivered a beat-and-raise quarter, which topped estimates across every key metric. None of this stopped Palo Alto shares from falling on the release. We chalked the post-earnings decline up to high expectations heading into the quarter, coupled with investor concerns over a new acquisition of cloud management and monitoring company Chronosphere. Palo Alto is still working to close its multi-billion-dollar acquisition of identity security company CyberArk , announced in July. HSBC now argues the stock’s risk-versus-reward is turning negative, with limited potential for upward estimate revisions for fiscal years 2026 and 2027. We disagree with HSBC’s call, given the momentum we’re seeing across Palo Alto’s businesses. The cybersecurity leader is dominating through its “platformization” strategy, which bundles its products and services. Plus, Palo Alto keeps adding net new platformizations each quarter, converting customers to use its security platform, and is on track to reach its fiscal 2030 target. We also like management’s playbook for acquiring businesses just before they see an industry inflection point. With Chronosphere, Palo Alto believes the entire observability industry needs to change due to the growing presence of AI. We’re reiterating our buy-equivalent 1 rating and $225 price target on the stock. Up next: There are no Club earnings reports next week. Outside of the portfolio, Symbotic, Zoom Communications , Semtech , and Fluence Energy will report after Monday’s close. Wall Street will also get a slew of delayed economic data during the shortened holiday trading week. U.S. retail sales and September’s consumer price index are scheduled for release early Tuesday. Durable goods orders and the Conference Board consumer sentiment are released on Wednesday morning. (See here for a full list of the stocks in Jim Cramer’s Charitable Trust.) As a subscriber to the CNBC Investing Club with Jim Cramer, you will receive a trade alert before Jim makes a trade. Jim waits 45 minutes after sending a trade alert before buying or selling a stock in his charitable trust’s portfolio. If Jim has talked about a stock on CNBC TV, he waits 72 hours after issuing the trade alert before executing the trade. THE ABOVE INVESTING CLUB INFORMATION IS SUBJECT TO OUR TERMS AND CONDITIONS AND PRIVACY POLICY , TOGETHER WITH OUR DISCLAIMER . NO FIDUCIARY OBLIGATION OR DUTY EXISTS, OR IS CREATED, BY VIRTUE OF YOUR RECEIPT OF ANY INFORMATION PROVIDED IN CONNECTION WITH THE INVESTING CLUB. NO SPECIFIC OUTCOME OR PROFIT IS GUARANTEED.
